As well as attempting to delete files and sending repeating HTTP requests to Symantec's Web site (an unsophisticated DDoS ploy), Winevar also displays a rude message.

The virus normally arrives by email with an infected attachment. If Windows PC users click on the attachment, the virus gets to work screwing up systems.

Winevar-A is a dropper for the W32/Flcss virus and a worm which spreads by emailing itself via SMTP to addresses on the local computer. It also tries to terminate AV and security programs running on a machine.

And there's more.

On system restart Winevar-A displays the message "Make a fool of oneself: What a foolish thing you've done!".

If users press the OK button the worm deletes all deletable files in all folders.

AV vendors have mostly updated their definition files to detect the Winevar, which has not spread widely - yet. Here is AV vendor Sophos's description of the virus. ®